Apache OpenOffice vulnerabilities

59 known vulnerabilities affecting apache/openoffice.

Total CVEs: 59
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 15, HIGH 27, MEDIUM 17

Vulnerabilities

Page 2 of 3
CVE-2011-2177 | HIGH | CVSS 7.8 | v3.3.0 | 2019-11-27
CVE-2011-2177 [HIGH]: OpenOffice.org v3.3 allows execution of arbitrary code with the privileges of the user running the OpenOffice.org suite tools.
nvd
CVE-2018-11790 | HIGH | CVSS 7.8 | ≤ 4.1.5 | 2019-01-31
CVE-2018-11790 [HIGH] CWE-682: When loading a document with Apache Open Office 4.1.5 and earlier with smaller end line termination than the operating system uses, the defect occurs. In this case OpenOffice runs into an Arithmetic Overflow at a string length calculation.
nvd
CVE-2018-10583 | HIGH | CVSS 7.5 | PoC | v4.1.5 | 2018-05-01
CVE-2018-10583 [HIGH] CWE-200: An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document.
nvd
CVE-2017-12608 | HIGH | CVSS 7.8 | fixed in 4.1.4 | 2017-11-20
CVE-2017-12608 [HIGH] CWE-787: A vulnerability in Apache OpenOffice Writer DOC file parser before 4.1.4, and specifically in ImportOldFormatStyles, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution.
nvd
CVE-2017-9806 | HIGH | CVSS 7.8 | fixed in 4.1.4 | 2017-11-20
CVE-2017-9806 [HIGH] CWE-787: A vulnerability in the OpenOffice Writer DOC file parser before 4.1.4, and specifically in the WW8Fonts Constructor, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution.
nvd
CVE-2017-12607 | HIGH | CVSS 7.8 | fixed in 4.1.4 | 2017-11-20
CVE-2017-12607 [HIGH] CWE-787: A vulnerability in OpenOffice's PPT file parser before 4.1.4, and specifically in PPTStyleSheet, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution.
nvd
CVE-2016-6804 | HIGH | CVSS 7.8 | fixed in 4.1.3 | 2017-11-20
CVE-2016-6804 [HIGH] CWE-264: The Apache OpenOffice installer (versions prior to 4.1.3, including some branded as OpenOffice.org) for Windows contains a defective operation that allows execution of arbitrary code with elevated privileges. This requires that the location in which the installer is run has been previously poisoned by a file that impersonates a dynamic-link library that
nvd
CVE-2017-3157 | MEDIUM | CVSS 5.5 | ≤ 4.1.3 | 2017-11-20
CVE-2017-3157 [MEDIUM] CWE-200: By exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrieved by the attacker by, e.g., using hidden sections to store the information, tricking the user into saving the document and convincing the user to send t
nvd
CVE-2016-6803 | HIGH | CVSS 7.8 | ≤ 4.1.2 | 2017-11-13
CVE-2016-6803 [HIGH] CWE-426: An installer defect known as an "unquoted Windows search path vulnerability" affected the Apache OpenOffice before 4.1.3 installers for Windows. The PC must have previously been infected by a Trojan Horse application (or user) running with administrative privilege. Any installer with the unquoted search path vulnerability becomes a delayed trigger for t
nvd
CVE-2016-1513 | HIGH | CVSS 7.8 | ≤ 4.1.2 | 2016-08-05
CVE-2016-1513 [HIGH] CWE-125: The Impress tool in Apache OpenOffice 4.1.2 and earlier allows remote attackers to cause a denial of service (out-of-bounds read or write) or execute arbitrary code via crafted MetaActions in an (1) ODP or (2) OTP file.
nvd
CVE-2015-4551 | MEDIUM | CVSS 4.3 | ≤ 4.1.1 | 2015-11-10
CVE-2015-4551 [MEDIUM] CWE-200: LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 uses the stored LinkUpdateMode configuration information in OpenDocument Format files and templates when handling links, which might allow remote attackers to obtain sensitive information via a crafted document, which embeds data from local files into (1) Calc or (2) Writer.
nvd
CVE-2015-5212 | MEDIUM | CVSS 6.8 | ≤ 4.1.1 | 2015-11-10
CVE-2015-5212 [MEDIUM] CWE-191: Integer underflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2, when the configuration setting "Load printer settings with the document" is enabled, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via crafted PrinterSetup data in an ODF document.
nvd
CVE-2015-5213 | MEDIUM | CVSS 6.8 | ≤ 4.1.1 | 2015-11-10
CVE-2015-5213 [MEDIUM] CWE-189: Integer overflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a long DOC file, which triggers a buffer overflow.
nvd
CVE-2015-5214 | MEDIUM | CVSS 6.8 | ≤ 4.1.1 | 2015-11-10
CVE-2015-5214 [MEDIUM] CWE-119: LibreOffice before 4.4.6 and 5.x before 5.0.1 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via an index to a non-existent bookmark in a DOC file.
nvd
CVE-2015-1774 | MEDIUM | CVSS 6.8 | ≤ 4.1.1 | 2015-04-28
CVE-2015-1774 [MEDIUM] CWE-787: The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted HWP document, which triggers an out-of-bounds write.
nvd
CVE-2014-3575 | MEDIUM | CVSS 4.3 | fixed in 4.1.1 | 2014-08-27
CVE-2014-3575 [MEDIUM] CWE-200: The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org (OOo) might allow remote attackers to embed arbitrary data into documents via crafted OLE objects.
nvd
CVE-2014-3524 | CRITICAL | CVSS 9.3 | fixed in 4.1.1 | 2014-08-26
CVE-2014-3524 [CRITICAL] CWE-77: Apache OpenOffice before 4.1.1 allows remote attackers to execute arbitrary commands and possibly have other unspecified impact via a crafted Calc spreadsheet.
nvd
CVE-2013-4156 | MEDIUM | CVSS 6.8 | fixed in 4.0.0 | 2013-07-31
CVE-2013-4156 [MEDIUM] CWE-787: Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
nvd
CVE-2013-2189 | MEDIUM | CVSS 6.8 | fixed in 4.0.0 | 2013-07-31
CVE-2013-2189 [MEDIUM] CWE-787: Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
nvd
CVE-2012-2665 | HIGH | CVSS 7.5 | fixed in 3.4.1 | 2012-08-06
CVE-2012-2665 [HIGH] CWE-787: Multiple heap-based buffer overflows in the XML manifest encryption tag parsing functionality in OpenOffice.org and LibreOffice before 3.5.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Open Document Text (.odt) file with (1) a child tag within an incorrect parent tag, (2) duplicate tags, or (3) a
nvd